Biometric authentication can be implemented by means of facial recognition, fingerprint identification, iris recognition, and the like. However, high cost of relevant hardware implementation hinders popularization of biometric authentication for daily use in mobile devices. Moreover, faces and irises are often exposed to the public in our daily lives and fingerprints are easily left on things touched unconsciously, resulting in high risk of identity theft. Therefore, use of character-based passwords is still a popular choice for user authentication in fields like transaction and access control. However, since character-based passwords are prone to stealing attacks, if a credit card fraud is committed, there may be dispute over the identity of the person who has made a payment by inputting the correct password.